DMCA
On the effectiveness of address-space randomization (2004)
Cached
Download Links
- [www.cs.dartmouth.edu]
- [cs.uccs.edu]
- [www.cs.ubc.ca]
- [www.cs.ubc.ca]
- [classes.soe.ucsc.edu]
- [people.cs.ubc.ca]
- [www.cse.ucsd.edu]
- [www.cs.ucsd.edu]
- [cseweb.ucsd.edu]
- [cseweb.ucsd.edu]
- [cseweb.ucsd.edu]
- [cseweb.ucsd.edu]
- [www.cs.jhu.edu]
- [www.cs.wisc.edu]
- [www.cs.jhu.edu]
- [www.cs.jhu.edu]
- [crypto.stanford.edu]
- [www.cs.ucl.ac.uk]
- [www.cs.ucl.ac.uk]
- [www0.cs.ucl.ac.uk]
- [www0.cs.ucl.ac.uk]
- [www0.cs.ucl.ac.uk]
- [www.scs.stanford.edu]
- [crypto.stanford.edu]
- [www.cse.usf.edu]
- [crypto.stanford.edu]
- [www.stanford.edu]
- [www.ida.liu.se]
- [www.utdallas.edu]
- [www.ida.liu.se]
- [www.utdallas.edu]
- [www.utdallas.edu]
- [www.utdallas.edu]
- [www1.cs.columbia.edu]
- [www.cs.columbia.edu]
- [www.utdallas.edu]
- [www.utdallas.edu]
- [web.stanford.edu]
- [www.ida.liu.se]
- [www.utdallas.edu]
- DBLP
Other Repositories/Bibliography
| Venue: | IN CCS ’04: PROCEEDINGS OF THE 11TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY |
| Citations: | 250 - 6 self |
BibTeX
@INPROCEEDINGS{Shacham04onthe,
author = {Hovav Shacham and Matthew Page and Ben Pfaff and Eu-jin Goh and Nagendra Modadugu and Dan Boneh},
title = {On the effectiveness of address-space randomization},
booktitle = {IN CCS ’04: PROCEEDINGS OF THE 11TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY},
year = {2004},
pages = {298--307},
publisher = {ACM Press}
}
Share
 |
 |
 |
 |
||
OpenURL
Abstract
Address-space randomization is a technique used to fortify systems against buffer overflow attacks. The idea is to introduce artificial diversity by randomizing the memory location of certain system components. This mechanism is available for both Linux (via PaX ASLR) and OpenBSD. We study the effectiveness of address-space randomization and find that its utility on 32-bit architectures is limited by the number of bits available for address randomization. In particular, we demonstrate a derandomization attack that will convert any standard buffer-overflow exploit into an exploit that works against systems protected by address-space randomization. The resulting exploit is as effective as the original, albeit somewhat slower: on average 216 seconds to compromise Apache running on a Linux PaX ASLR system. The attack does not require running code on the stack. We also explore various ways of strengthening address-space randomization and point out weaknesses in each. Surprisingly, increasing the frequency of rerandomizations adds at most 1 bit of security. Furthermore, compile-time randomization appears to be more effective than runtime randomization. We conclude that, on 32-bit architectures, the only benefit of PaX-like address-space randomization is a small slowdown in worm propagation speed. The cost of randomization is extra complexity in system support.
Keyphrases
address-space randomization 32-bit architecture certain system component worm propagation speed small slowdown standard buffer-overflow exploit system support artificial diversity buffer overflow attack pax-like address-space randomization memory location addressspace randomization various way compile-time randomization linux pax aslr system pax aslr derandomization attack runtime randomization address randomization extra complexity
